Software to Support Human Rights 194
An anonymous reader writes "Some software rollouts have lives hanging in the balance. Human rights workers in massacre zones from El Salvador to Kosovo face prying eyes peering into their address books and logs, who follow up with bullets and poison gas. One project, Martus, takes these hostile environments into account: a leak can get whole families killed. They use encryption, distributed backup, and other techniques designed to survive the ultimate corrosive environment: vindictive armies in countrysides in the throes of war. The source code is open, to allow meaningful contributions from anyone willing to help. These people bet their lives on open source and private data. The sponsor organization, Benetech in Silicon Valley, funds projects that arm global rights workers, and people under siege, with communications tools that counterbalance the overwhelming force used to exterminate everything "Free"."
open source dangerous! (Score:5, Insightful)
[b]including people who do not mean well[b]
watch out!
Re:open source dangerous! (Score:5, Insightful)
Especially in the case of projects like this, I can see a significant danger of someone deliberately introducing a "mistake" which could completely compromise the system's security. With off-by-one errors routinely being found many years after they were initially introduced, I suspect that such an attempt could easily be successful.
Re:open source dangerous! (Score:4, Funny)
Not often enough:o rn" -l -r /usr/src/Linux/* | wc -l
einstien@mensa> grep -e "31337|h4x0r|0wned|phear|ph34r|r00tk17|sex|pr0n|p
237
Re:open source dangerous! (Score:5, Informative)
They look over it very carefully - Patches can create security problems as well as stability issues. Maintainers aren't stupid enough to include untested patches from unknown persons. Their reputations are at stake, as is the reputation of the entire project.
The poor example from above is pulling words from the comments - and those contain the foulest language imaginable. There was a Slashdot article a while back about this.
Re:open source dangerous! (Score:3, Funny)
Hey, Finnish isn't that bad.
Re:open source dangerous! (Score:4, Informative)
Documentation/filesystems/proc.txt: echo ':DEXE:M::\x0eDEX::/usr/bin/dosexec:' > register
drivers/sound/dev_table.h: int (*send_sysex)(int dev, unsigned char *bytes, int len);
arch/i386/kernel/setup.c: * misexecution of code under Linux. Owners of such processors should
and lots of @bytesex.org e-mail addresses.
Re:open source dangerous! (Score:1)
Someone a while ago [slashdot.org] made a good point in this regard. It's especially true since these folks would definitely be wary of any code that is submitted through unknown / untrusted sources.
Someone else made an opposing argument [slashdot.org], but I don't think this project will have these problems, for much the same reason.
I think it's a good idea, all round. These workers get the benefit of peer review, and the peers come away with a good feeling, knowing that they've potentially saved a lot of peoples' lives (not just their jobs)...
There's only one way... (Score:1)
Re:open source dangerous! (Score:2)
Methinks they do. Possibly to the point of overdoing it.
Just because the maintainer can accept a patch from anybody doesn't mean that the maintainer will accept a patch from anybody. Somehow I doubt that there are any maintainers so gullible as to accept any patch that says "trust me".
Actually open source is dangerous, to closed source, that is. Let's say I find a significant bug in MySQL. First, noone is going to just take my word for it, so I need to at least get to where I can duplicate the problem easily. Then I make some sort of patch that makes the problem go away. Now since my patch is probably not all that great and I don't want to have to keep repeating the experience (plus any altruistic motives), the real work begins. Repeat over a few years, and closed source is not competitive.
Re:open source dangerous! (Score:1)
With all the new US laws (Score:5, Insightful)
Re:With all the new US laws (Score:3, Insightful)
Hate to tell you this....
brace yourself...
We are about a year+ past needing something like this ourselves.
Unfortunately, this won't work for us, because NO PLACE would be safe for the central database server.
Our only options are freenet [sourceforge.net] & things of a like nature [peek-a-booty.org], which are decentralized.
On the other hand, you've got nothing to hide, aren't a terrorist, so you've nothing to fear, right?
right?
RIGHT, Citizen?
in times like these it's a good thing the founding fathers realized [uhuh.com] that future governments wouldn't play by the rules.
Re:With all the new US laws (Score:3, Interesting)
historical fascism (as seen in Spain, Germany,
Italy and Japan):
*** Nationalism and super-patriotism with a sense of historic mission.
*** Aggressive militarism even to the extent of glorifying war as good for the national or individual spirit.
*** Use of violence or threats of violence to impose views on others (fascism and Nazism both employed street violence and state violence at different moments in their development).
*** Authoritarian reliance on a leader or elite not constitutionally responsible to an electorate.
*** Cult of personality around a charismatic leader.
*** Reaction against the values of Modernism, usually with emotional attacks against both liberalism and communism.
*** Exhortations for the homogeneous masses of common folk (Volkish in German, Populist in the U.S.) to join voluntarily in a heroic mission_often metaphysical and romanticized in character.
*** Dehumanization and scapegoating of the enemy_seeing the enemy as an inferior or subhuman force, perhaps involved in a conspiracy that justifies eradicating them.
*** The self image of being a superior form of social organization beyond socialism, capitalism and democracy.
*** Elements of national socialist ideological roots, for example, ostensible support for the industrial working class or farmers; but ultimately, the forging of an alliance with an elite sector of society.
*** Abandonment of any consistent ideology in a drive for state power.
Just wondering sonething... (Score:3, Funny)
I have a vague idea on why that's not so, but nothing definate. I heard it being compared to trying to put a sausage into a meat grinder backwards to make a pig.
Re:Just wondering sonething... (Score:1)
I'm not to up on the math but the basic idea is that when you look at the encryped string, you don't have enough information to reconstruct the original. The encoded data may or may not have a one to one relation with the original values but this isn't usually a problem (think billions of possibilities).
Re:Just wondering sonething... (Score:2, Informative)
Just think how many different DSA/SSL/etc. implementations there are out there and several of these in opensource.
Re:Just wondering sonething... (Score:5, Insightful)
OK - it might be a little bit harder if you didn't know the algorithm either, but would you trust an encryption system where the author said 'we can't disclose how it works, we're worried that if people knew that they might be able to break it'?
Re:Just wondering sonething... (Score:2, Interesting)
such a device would require knowledge of a key/passcode on the owner's behalf simply to access the device/transmission/address. chances are you will find the key-bearer w/ the device. and when they do i suppose it wouldnt be difficult to 'extract' this key from the holder.
2 way comms i can understand, but as long as you can get the password/fingerprint/retina required for access out of the user, then such safeguards seem pointless.
all of the security safeguards we usually employ are with respect to people doing it behind your back without your 'assistance'..
L, R, L, R, U, D, U, D, Select + Start
Re:Just wondering sonething... (Score:4, Interesting)
Disguising the data in something else like a minidisk recorder is a good idea but obviously not everyone can do that - each person must choose a different kind of disguise, so it gets tricky.
Key logging, trojans (Score:1, Interesting)
Re:Just wondering sonething... (Score:2)
Vim (Score:4, Interesting)
Possession (Score:5, Interesting)
Strong crypto is only a part of the answer (whatever that answer may be).
Xix.
Re:Possession (Score:4, Interesting)
Re:Possession (Score:2, Insightful)
By setting human rights first. Always.
life is conflict (Score:1)
Re:Possession (Score:3, Informative)
Re:Possession (Score:2)
It's not possible to stop either, so you may as well take that as given, and keep the human rights.
Re:Possession (Score:2)
Even now, you can use the strongest crypto you want, and if you do not surrender the keys to a subpoena, you will be done for contempt of court. So you could argue that we only have the illusion of privacy.
My own feeling is that any soluion must also come from outside of what a legal system can offer. Fewer people trade kiddie pr0n than than MP3s because most people find it repugnant. Legal penalties are part of policing, but I think the social dimension at least as strong a deterrent.
Xix.
Re:Possession (Score:5, Informative)
If most people (or atleast a majority of people) started using freenet, it would change the internet in a fundamental way: it would be no longer possible to outlaw freenet. I don't see this happening anytime soon, because most people still enjoy freedom of speech. But if there were to arise a global dictator, technology has given us a way to fight back.
Re:Possession (Score:2)
--
Re:Possession (Score:1, Interesting)
Simple idea, simple answer. Yet, people cannot be idle like the people in the mideast. They have to _want_ this freedom enough to lay down their life. In this last sentence _only_ is where you find the complexity.
This is in reference to the parent as well as the article. The government is there to make laws. If they aren't, then they aren't doing their job. Once a law is in place, it is very hard to remove. Enough of these laws, and you get Homeland Defense. A noble attempt to protect us at the cost of FREEDOM WE HAD. Enough of these Homeland Defenses, and America will be ready for July 4 version 2.
I am not bitter at any of this nor am I a revolutionary, but I know enough history to see where this goes. It has been written democracy will always devolve into dictatorship. Seems right now it is in the oligarchy area (corporations run us).
In the U.S. Context (Score:1)
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Re:Possession (Score:2)
Getting off our collective asses and voting/participating in the political system would be a big part of said answer.
Re:Possession (Score:2)
The answer (currently) is deniable steganographic encryption. At the moment, these systems work by having small amounts of data in large amounts of chaff. Only the correct key can identify data, which appears random without the key. Thus, anyone without the key cannot determine the existance or non-existance of data.
Similarly, someone holding one or more keys to data cannot determine whether there are any additional filesystems available.
The main difficulty is that one filesytem has no way of knowing whether it's overwriting the packets of another (because it doesn't know what other filesystems exist), so each piece of data needs to be duplicated to guard against its accidental deletion.
The other difficulty is that the system works best on a disk with far more storage area than will ever be used, so you might work with a couple of 100Mb filesystems on a 20Gb disk. But with text-files mentioned in the article, this isn't a problem, and 20Gb disks are considered quite normal now.
Oh, and don't even think of using MS Word to write documents that're going onto a deniable filesystem.
Still Not Good (Score:5, Insightful)
Re:Still Not Good (Score:1)
One solution could be something like a Live CD system (which doesn't leave any trace of your activity on your computer) which uses some sort of 'online' information hiding program (which should be accessible without being traced), but in this case even only the possession of this 'suspect' CD could put you into troubles.
As long as they don't access to your PC and they don't intercept any suspect communication from it (I suspect that a PGP encrypted mail leads straight to torture in some countries), however, this is a good method to raise the chances of success in human rights violations reporting.
Specious reasoning (Score:2)
They may not be able to break the encryption, but they sure as hell can break you.
Then it would be pointless to encrypt in the first place. If you're so weak willed that you'll give up the content (vis encryption key) before you give up your life, then your willingness to be tortured for that access accomplishes nothing.
Now I'm sure some will come to your defense and site a situation where encryption is used for non-life-or-death data, but then the logic breaks down there, too, because while you can encrypt all your email with GPG or the like, doing so without the resolve to meet any attack the encryption may face is an indicator of just how important the content is. For most, encryption is merely a "prying eyes" issue, not an "oh fuck; they've crippled me and may kill me (or jail me for contempt of court, for those dealing with more benign powers)" issue.
Re:Specious reasoning (Score:2)
Where you will be repeatedly ass-raped and contract AIDS, be given insufficient medical care, and die anyway.
Re:Still Not Good (Score:2)
You may be in the possession of said encrypted material, but you may not, in fact, know what is in it or how to get at it.
Many activist organizations work on the same principles as armies and terrorist cells: you operate on a need-to-know basis, with instructions and keys given to you in pieces. Often you have to "share a secret" with someone else to get the answers to critical questions.
Furthermore, you are often instructed to sing like a bird when captured. It is intended that you don't know enough (as an individual) to seriously damage the whole organization.
Of course, if you are an important member of an organization who has access to a lot of critical information you are in the dangerous position where you have to hide information.
In this case, as you say, encryption is not enough. From a brief survey of the Benetech web site referenced in this article, they are interested in the complete package: the secure transmission, obfuscation, encryption and dissemination of critical information under extreme circumstances.
Re:Still Not Good (Score:3, Insightful)
'I'm about to be captured. Please assume anybody logging in as me is an evil cracker. Anything that can be decrypted with my key should be re-encrypted with the key of a 'safe' user who is registered with a 'safe' country'
Determining 'safe' countries and 'users' would require some care. Perhaps a voting system of some kind? or Central control by the project maintainer (via their private key)?
Both systems could be abused. The first system would be prone to the agents of the 'evil' army registering as users and overwheliming by force of numbers.
The second system would put require all other users to trust the maintainer, and could be compromised by their capture and interrogation.
(Being the maintainer of such a project would make one a target of many hostile intelligence agencies).
I think the most trustworthy system would be a variant of the first, whereby all new users had to be declared 'trusted' by unanimous vote of current 'trusted' users. Of course this wouldn't scale to well, adding new user becoming slower and more difficult as each new user is added.
Establishing trusted countries could be handled as follows
1) If any trusted user claims a country cannot be trusted, then the system assumes the country cannot be trusted until 'reinstated' by unanimous vote.
2) If any user who is registered to that country invokes the 'i've been captured' feature above, the country is no longer to be trusted until restored by unanimous vote.
By unanimous vote I mean a unanimous vote of trusted users in trusted countries.
Does this make sense?
Re:Still Not Good (Score:3, Informative)
Re:Still Not Good (Score:2)
Or the International Committee for the Red Cross and Red Crescent Societies. Or other groups.
Most regimes know that kicking out internationally renouned groups like ICRC is very bad for their foreign policies. They may harrass them, "accidently" kill them, etc. But they don't want to be known as a country that is hostile to international law or human rights. So torture is not really an option.
For example, imagine how much easier it would be to go to war if the Red Cross said their workers had been tortured? Of course indicating that their workers have been mistreated by Israel has not had much effect, but no Western country wants to invade Israel, so that isn't really a problem for that country *at this stage.* But imagine if the Red Cross was saying the same things about Iraq?
And I suspect that the mistreatment of ICRC workers (using them as human shields, etc.) by Israel has probably taken a serious toll on their trade negotiations with the EU, etc. in the last couple years. So even there, it is not a good idea to abuse internationally recognized human rights workers.
Re:Still Not Good (Score:2)
Please login: goldilocks
Challenge code: 382AQ929
Password:
The password you give is somehow easily mentally computed from the challenge code.
Using a different formula to mentally compute the response is a signal to the system that you can no longer be trusted. Sort of like how some alarm systems have an "ambush" code. If you enter that code instead of the real code, the system appears to disarm, but silently calls the police. My old employer had such a feature on their alarm system.
Once you've given a response code that indicates that it is YOU, but that you cannot be trusted, then the system, depending on sophistication and investment, could even appear to log you in and let you innocently work on stuff. Hypothetical example, you could read any non-classified documents. Maybe the filesystem needs to support a "secrecy" attribute. Of course, I'm a fan of filesystems like reiserfs that allow the arbitrary attachment of arbitrary attributes to files anyway. That way if you want to annoate your files with a level of secrecy, or with what icon should be displayed for the file, or what coordinates within the containing window the icon should be positioned at, etc. the filesystem will just accept whatever arbitrary attributes you wish to annoated the file with. These attributes don't go into the file's "data", but into the file's "directory entry" so to speak.
If you really care about freedom! (Score:4, Informative)
Redhat supported tyrannic mainland China against democratic Taiwan and gladly removed Taiwans status as independant in their latest distributions. The only reason is to make more dollars from China.
It should be notet that companies like HP and Microsoft has refused to remove Taiwans status as independant despite pressure and fines from the dictatorship in China.
There is plenty of really good distributions, there is simply no need to support tyranny.
Re:If you really care about freedom! (Score:2)
Oh please. (Score:3, Informative)
Redhat supported tyrannic mainland China
Oh please, if you all feel so strongly about tyrannic China, then why don't we see a boycott of Chinese products? Take a look around you and see how many products you use all the time that were "made in China". My Microsoft mouse, my Logitech mouse, my keyboard at work, some of the parts inside my computer, my Microcom modem etc, all made or assembled in China. Americans don't want to support China's tyranny, but they don't feel so strongly about it that they will stop buying China's cheaper products as a protest.
Re:If you really care about freedom! (Score:1)
Re:If you really care about freedom! (Score:2)
Re:If you really care about freedom! (Score:1)
It's what those people call any free state that supports or is supported by the U.S in any way, no matter how small.
Can This Work? (Score:2, Insightful)
Re:Can This Work? (Score:1)
Bascially it's the HIDING of info, not so uch protecting it.
Better to say it's not there than to say it's hidden.
THere was an article about it last week about hiding info in binaries in the same amount of KB etc
Re:Can This Work? (Score:2)
dave
In some situations (Score:3, Insightful)
If it's a high profile, or an International organisation that can tell the authorities where to stick it, crypto can be very valuable. For example, to keep intercepted communications secret. OTOH, no amount of crypto is going to do you any good if they can haul you away and beat it out of you.
It's a very useful tool, but only in the right circumstances.
Xix.
Re:Can This Work? (Score:3, Insightful)
Having the key won't do you any good once the data is sent to a server in another country.
but ... what if the black vans pull up..? (Score:1, Informative)
from the website--
"Martus bulletins are created and saved locally on your personal computer. Whenever an Internet connection is available, saved bulletins are automatically sent to a Martus server."
Irony (Score:1, Insightful)
Re:Irony (Score:1, Insightful)
In fact I'd propose that we all start living in caves again, but there are two problems:
1. That's what they *want* us to do.
2. They have plenty of caves where they come from; not even 'cave technology' is safe.
Re:Irony (Score:2)
How is it ironic? Almost every technology ever created by man has had the potential to be used for both good and evil. No surprise here.
Re:Irony (Score:2)
Don't expext the thugs to play fair (Score:5, Insightful)
it is just as useful to criminals as to human rights workers. This is not, of course, a problem per se, but
using this as a pretext, governments will simply ban possession and usage of this software. If they need any pretext, that is - in the kind of country this software is designed to be used, "human rights worker" is just another word for criminal.
This kind of software is useful to preserve personal privacy in a civilized nation. In a thugocracy, however, the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.
Re:Don't expext the thugs to play fair (Score:5, Insightful)
This software is also designed to widely disseminate the information. Once the cat is out of the bag on a global basis it is out of the reach of any single governmental organization.
the police will just confiscate your computer, or you will be extradited/tortured/shot for being in possession of this software.
Some people care enough to risk their lives in this cause.
Re:Don't expext the thugs to play fair (Score:3, Insightful)
Most people, for instance, would probably talk if the alternative was seeing acid injected into the eyeballs of their coworkers, or being forced to watch the slow execution of villagers they're supposed to be helping and then to eat their remains.
Re:Don't expext the thugs to play fair (Score:2)
If you are an American, you should be ashamed of yourself. This is exactly the situation we faced 200+ years ago. What if the people who founded this nation decided the sacrifice was too hard? Would they have turned turtle and spilled the beans, giving their friends and compatriots a death sentence?
While most moments of your life are spent on less than stellar events, when the time comes to be measured I only hope you will rise to the occaision, instead of slinking away like a dog.
A related project (Score:5, Informative)
From the homepage:
"Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanisms, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST."
Re:A related project (Score:5, Interesting)
It is possible to create encrypted containers 'embedded' in other ecrypted containers (Matryoshka-doll fashion), each protected with a password. So when the 'thugs' come knocking, you can give them a password which will unlock the outer container, without compromising the inner ones (which, obviously, aren't visible- you have to KNOW they exist).
Of course, the thugs already know about this software, so you can repeat the above process- give them three passwords and then say "that's all there is"- they can't prove otherwise.
Let's be pragmatic, though- this is only going to work if you believe the thugs would let you go if they couldn't prove anything. Otherwise, it's simpler to use gpg and a cyanide pill.
Re:A related project (Score:2)
I think there is value in it even when the thugs have you. You may be toast, but it would let you limit the amount of information divulged to what they can sweat out of you.
Xix.
Rubberhose looks cool, but... (Score:2)
For the purposes of argument, you have to assume that the world's best hardware is enslaved to the people who want to kill human rights activists; it really needs rigorous testing if the source code has been available to the bad guys for about 2 years.
Then again, maybe the activist groups have their own great coders and have secretly forked the source for continuing development, and are relying on obscurity as well as advancement to protect them against the bad guys.
Re:A related project (Score:2)
You must be hiding a collection of mp3's! Quick! Seize him!
Misuse of drm/palladium (Score:1, Funny)
More reasons to stop palladium, as it could be abused like this.
This concerns me greatly. (Score:4, Insightful)
I see this software and I find myself very afraid. It neatly packages up a military grade cryptographic communications solution and makes it freely available to the public. While the people who it is intended for will benefit greatly from it, those who intend to do harm will also have easy access to it.
Martus is a cryptographic solution: overt, secret communications. The people who this is intended for are already under surveilance by those who wish to do them and their contacts harm, so making the already-intercepted messages unreadable is the solution to this problem.
Criminal organisations would likely need more of a steganographic solution: covert, secret communications. An often-overlooked fact about secret communications is that the mere presence of secret messages can be an indicator that something is going on.
When Nazi Germany was using the Enigma, they had their communications officers send garbage messages[1] so that the Allies would not detect a sudden burst of communications activity indicating some sort of military action.
If a terrorist organisation* were to begin using a system like this, any intelligence services watching them would be tipped off and would have to figure out what's going on the old fashioned way (we all know what that means). But, the fact is that they are alerted to what's going on and can then follow up.
If you think about these points, I hope that your fears of evil people exploiting this effort may be eased. If anything, using this (or similar) software will tip their hands and expose that something is going on.
*An organisation targetting civilians with violent actions to serve political means.
[1] Simon Singh, The Code Book. (1999) Random House, New York
Re:This concerns me greatly. (Score:3, Insightful)
Under recent laws, not just in the US, but in other countries like the UK, you may be forced to disclose keys. The state by definition is generally law abiding, but the officers of the state are individuals. Some of those, I may trust, some I definitely will not. Yes there are criminals working for the state too.
Once information is acquired, it can not be forgotten. It may then be abused by the less honest state officials.
You raise the prospect of terrorists using this system. Look, I do not need crypto to tell a terrorist to attach. In WW2, the British SOE used the BBC to send messages to the French Resistance.
Re:This concerns me greatly. (Score:1)
To summarise my previous post for you, I said that "this system is not very useful to terrorists because using this system would give away that something's up and invite scrutiny."
You do need secret communications if you want to do a terrorist attack in countries like the USA. If you've watched CNN or read the newspapers over the past 18 months, you may have noticed that the FBI and friends are actively looking for terrorists to lay the smack down on. Setting off alarm bells by using an obvious secret communications tool (Martus) would just invite them to watch you more closely.
Re:This concerns me greatly. (Score:2, Informative)
Forget the rest of this. I don't think you grasp what Martus is really about.
It's about whisking incriminating data out of the reach of the powerful and into the hands of the rest of the world.
The more easily this data slips through their hands, the more circumspect the fascists will be about harming people (at the very least).
Re:This concerns me greatly. (Score:2)
Actually you don't need cryptography to attack the USA, words can have many meanings and it is easy to prearrange code words within an organisation. Where cryptography is important and vital in the west is business. There are lots of us who use cryptography on a daily basis. Most are just doing mundane things like legal money laundering (investment banking) or even just buying/selling over the internet.
Btw, forget Singh as an author. Go to Kahn's "The Codebreakers" instead. His book is far more authoritative.
Finally, I prefer to watch news rather than views so I gave up on CNN a long time ago.
Re:This concerns me greatly. (Score:2)
Incidentally, citing "Chonsky" never buys you any credibility with those who are familiar with his work. Great linguist; abyssmal student of international policy.
Re:This concerns me greatly. (Score:1, Insightful)
Oh the horror! Imagine what would happen if terrorist organizations got their hands on communication devices that allowed them to plan attacks while being even in different countries! (also known as cell phones). Or what could happen if terrorists could obtain information about how to make explosives (chemistry books come to mind).
Come on people, this argument makes no sense at all. By that logic, we should ban all technology, since even a big wheel can be used to kill somebody! Heck, I could use the cup of tea I have here and use it as a weapon by breaking it against somebody's head.
When will people understand that there's no way of turning the world into a padded cell? Even if all technology was suddenly taken away we'd be still be able to kill people with our bare hands. What then, forbid exercise?
Re:This concerns me greatly. (Score:3, Insightful)
Such is the price of Open Source and the desire for freedom of speech. Should a terrorist organization start using strong encryption, they could do as the Germans and send those "garbage" messages so that the level of communication traffic is relatively constant. One would have thought they would have figured this out by now, but I guess not.
I would be more concerned of such cryptography were NOT available to the public. I have just as much right to secure my data and communications as anybody, and I'm not a political activist, human rights worker, or terrorist. PGP secures data on my Windows box, and I try to encourage the use of PGP in e-mail whenever possible (besides the fact that spammers don't use it and it would make spam filtering SOOO easy, but that was the topic of another post some time ago).
Re:This concerns me greatly. (Score:3, Insightful)
As opposed to the people [accuratepowder.com] who package up miltary-grade firearms and make them freely available to the public?
Or indeed, to Iran [imt.net], China, Iraq [commondreams.org], Indonesia [motherjones.com], and others [fas.org]...
what "firearms" are free? (Score:2)
I only saw powder on that website, and they sell it through retailers/dealers. I don't think that's a fair comparison.
Re:what "firearms" are free? (Score:2)
Nope, I didn't. But it doesn't surprise me that there's lots of weird goings-on out there. If you look at a map of Oregon, a lot of it isn't just rural, there's just plain no roads, etc. And the tiny ex-logging towns you see may have just 50-1000 people in them. So a lot can be hidden away.
I loved the place. It's very beautiful, and the people in major population clusters are friendly. But remember those news stories about parents who killed their kids and went to beaches and parks and dumped their bodies? There's tons of places where nobody is around.
Don't forget the fact that the suicide rate is among the highest in the country, there. So other psychiatric/sociopathic/psychotic disorders are probably relatively high, also. Don't forget the large proportion of homeless people that live on the west coast, either, when considering mental illness.
Remember those two suburban girls that a neighbor killed, etc.? Even with people around, somehow they didn't hear anything. Twice. Don't forget that great police work after the fact, or the work of Child Protective Services in responding to one victim's accusations against the killer beforehand.
Re:This concerns me greatly. (Score:2)
Something any moron can make after a trip to the library.
And it's not only legal, it's constitutionally protected, for now. as if that meant anything anymore.
Java (Score:1)
Re:Java (Score:4, Informative)
Please remember that Java can be compiled. When it is, it can run ok even on older systems. We did a stock exchange client in Uzbekistan in Java on a 32MB 66MHz 486 under Win98SE because that was all they had available for the dealers at the exchange.
Re:Java (Score:1)
In this case, it isn't. But it probably should have been.
Re:Java (Score:2)
Why this is a useless plan (Score:3, Insightful)
They are wrong, people do know about them (many of them).
People don't give a shit. That's the problem, nobody wants to go solve other people's problems. It's not lack of awareness. Sure there is lack of awareness, and yes very few of the human rights violations of the world are documented.
But fundamentally, people only care about their own problems even if they are much smaller in comparison. People do not want to sacrifice for others, especially people they dont know are dont have a cultural bond with. It's a combination of ignorance and apathy, with apathy being the MAJOR dominant factor.
Martus and other projects like it will be a disappointment until people figure start caring about issues of human rights and try to solve them in a meaningful and logical manner (and that excludes the "let them kill each other" excuse/way).
Why your perspetive is shortsighted and useless (Score:2)
Personally, I think you're severely underestimating the people involved with the Martus project. In my experience, voluteers are almost always very aware of the apathy factor. It's usually assumed that everybody is aware of the apathy factor.
A lot of people don't give a shit, and each for thier own different reasons. However, there *are* a lot of people who do care and actually dedicate thier time to make a change. While thier work doesn't make the problems go away, contributions like this help.
While apathy/involvment can be a big factor in fighting issues like these, you're also forgetting political/commercial factors. For every political/commercial interests abusing human rights, there are usually opposing political/commercial interests who would love to expose thier opponent's corruption/evil to topple thier regime. Documenting human rights abuses, especially if it can indict key political figure can be extremely useful.
If Martus's system can make the process of gathering/distributing of key evidence more effective, kudos to the Martus team.
While everything I might have said may not be true, atleast I have enough imagination to realize my own ignorance and shortsightedness.
Re:Why this is a useless plan (Score:2)
Where have the worst massacres of the last fifty years happened? They've been in places that were difficult or impossible for Western TV crews to reach. Imagine if Rwanda had been as widely publicized, while it was happening, as Bosnia.
The Martus software has value after the fact, too. What happens after the nasty regime falls? Publicizing solid evidence of horrors can discredit the old regime and prevent it from coming back. Think Nuremberg, think South Africa's Truth and Reconciliation Commission.
Trusted Computing can get you killed (Score:1)
Rubberhose Filesystem (Score:1)
Re:Rubberhose Filesystem (Score:1)
Martus for tiny, cheap. (Score:1, Interesting)
The real benefit of Martus (Score:5, Informative)
The point is that in Martus, the crypto is integrated into a package that allows HR groups to a) send the data to a secure server, where there is b) a central database, and c) allow other, approved groups to view the data. This allows HR groups to get the info out from problematic areas to a place where the international community can see what's going on. Sure, terrorists could use the software to send messages, but what the heck do they need a database for? For HR groups, the problematic gov't could come cart off every computer and piece of paper in their office, and the data would still be secure and accessible. And as soon as they got access to another computer, they could start adding to it again.
Privaterra (Score:2)
Other things they could do (Score:2)
They should also have something like PGP's designated revoker functionality, so that when a friend notices that you've been abducted by the Gestapo, the friend can invalidate your private key, making it impossible for the Gestapo to forge bulletins from you.
Nah, they'll just arrest them for software piracy (Score:2)
Mod Me Sleepy/Stupid (Score:1)
Re:Thank You, Drive Through (Score:1)
Re:Great idea (Score:1, Insightful)
No -- wait. They're on-record as intending TO DO JUST THAT.